package jdbc;

import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;

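/**
 * Demonstrates how a {@link PreparedStatement} neutralises SQL injection.
 *
 * <p>The password bound below is a classic injection string. Because it is
 * supplied through {@code setString} rather than concatenated into the SQL
 * text, the driver sends it as a literal value: it is compared against the
 * stored password byte-for-byte and never parsed as SQL, so the lookup fails
 * unless that exact string is the stored password.
 *
 * <p>Note for real applications: this demo compares the raw password inside the
 * query, which presumes the table holds plaintext passwords. Production code
 * should fetch the stored salted hash by username and verify the password in
 * application code instead.
 */
public class JDBCDemo8 {
    /**
     * Runs the login demo against the {@code userinfo} table.
     *
     * @param args ignored
     */
    public static void main(String[] args) {
        String sql = "SELECT username,password,nickname,age " +
                     "FROM userinfo " +
                     "WHERE username=? AND password=?";
        // Connection, statement and result set are all AutoCloseable; keep
        // every one of them in the try-with-resources so none leaks on an
        // early exit or exception.
        try (
                Connection connection = DBUtil.getConnection();
                // The SQL text is sent first so the database fixes its
                // structure before any parameter value is seen.
                PreparedStatement ps = connection.prepareStatement(sql);
        ) {
            // Bind a value to each '?' placeholder.
            ps.setString(1,"张三");
//            ps.setString(2,"123456");
            // Injection attempt: bound as a parameter, this is matched as the
            // literal password text, not interpreted as SQL.
            ps.setString(2,"a' OR '1'='1");

            try (ResultSet rs = ps.executeQuery()) {
                if(rs.next()){
                    System.out.println("登录成功");
                }else{
                    System.out.println("登录失败");
                }
            }
        } catch (SQLException e) {
            // Demo-only reporting; a real application would log with context.
            e.printStackTrace();
        }
    }
}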
